While they may be the most publicised, hackers aren’t the only security threat facing large enterprises today. Some of the biggest risks come from outdated and poorly synchronised internal procedures that thwart efforts to respond quickly at the time of a breach.
Analysts are calling this the ‘SecOps gap’: a critical breakdown in communication between the security and IT operations teams that can have significant implications for businesses, exposing them to unnecessary risks and system downtime.
As outlined in a recent report from Forbes and BMC, an organisation’s security arsenal is determined by the strength of its IT and security departments combined; a united front between them is fundamental to planning for and identifying risks before they arise. In reality though, conflicting responsibilities and varying performance metrics mean their individual goals are misaligned.
The need to improve coordination between security and IT operations teams is far from being an academic exercise. Without the right processes in place, vulnerabilities take longer to remediate, labour costs in both departments can increase, patches can be poorly applied, and organisations are more vulnerable to slip-ups in regulatory compliance.
Building a unified security front requires today’s enterprises to create a game plan that considers technology, people and processes and how they correlate. Operations and security each need to understand the requirements and concerns of the other and, in many cases, implement a formal strategy to do so.
The skilled people that compose the security and operations departments can benefit greatly from having internal reporting structures that create common goals for making business systems more secure, more reliable and in compliance with regulations.
Those organisations leading the way in closing the SecOps gap are rethinking internal reporting structures, breaking down departmental boundaries, rewriting job descriptions and creating new compensation packages, all with an eye toward forging closer ties between security and operations. For example, maintaining a disciplined patch management schedule may become a new responsibility that IT operations shares with security, while security team members are evaluated by how clearly they prioritise patch rollouts.
These organisations are also identifying in advance which systems to prioritise first at the time of a breach. In some cases, what may seem like a high priority to security people may not be viewed that way by the operations team, given this department’s focus on uptime and performance. Without any guidance from the security team about what’s critical and what can safely be deployed during regularly scheduled maintenance, the ops team can easily become frustrated. So by understanding that these frustrations exist, many forward-thinking organisations create an action plan and priority schedule before a security crisis erupts.
At a glance, closing the SecOps gap requires a combination of the following:
- Cultivate a culture of security awareness that encourages all employees to consider security implications before engaging in a new activity.
- Quantify returns on investments for security, uptime and compliance using custom metrics that account for the unique characteristics of each asset.
- Create cross-functional working groups to share security and operations concerns and foster greater understanding of each other’s roles.
- Replace error-prone manual processes with intelligent compliance and security platforms that automate the testing and rollout of security patches and provide centralized information management tools.
- Develop collaborative workflow processes that smooth the interactions of security, IT operations and compliance personnel.
Whether viewed from a security, operational or compliance perspective, SecOps alignment is essential to ensure modern enterprises perform at levels required in today’s competitive marketplace. Along with the challenges that SecOps represents, it also presents an important opportunity: by working to close the SecOps gap, the two teams can more successfully meet their individual goals and improve the overall success of their business.